openssl

zzy/openssl

Fork 0

Commit Graph

Author	SHA1	Message	Date
Dr. David von Oheimb	9495cfbc22	make various test CA certs RFC 5280 compliant w.r.t. X509 extensions Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13719)	2021-01-20 15:53:47 +01:00
Viktor Dukhovni	4d9e33acb2	Require intermediate CAs to have basicConstraints CA:true. Previously, it was sufficient to have certSign in keyUsage when the basicConstraints extension was missing. That is still accepted in a trust anchor, but is no longer accepted in an intermediate CA. Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-03-29 20:54:34 -04:00

Author

SHA1

Message

Date

Dr. David von Oheimb

9495cfbc22

make various test CA certs RFC 5280 compliant w.r.t. X509 extensions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13719)

2021-01-20 15:53:47 +01:00

Viktor Dukhovni

4d9e33acb2

Require intermediate CAs to have basicConstraints CA:true.

Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing.  That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.

Reviewed-by: Rich Salz <rsalz@openssl.org>

2016-03-29 20:54:34 -04:00

2 Commits